Verifying compliance of trusted programs

Authors: Sandra Rueda, Trent Jaeger, Dave King

DOI:

Keywords: Mandatory access control, Computer science, Reference monitor, Initialization, Access control, Compliance (psychology), Computer security, Root (linguistics), Server, Enforcement

Abstract: In this paper, we present an approach for verifying that trusted programs correctly enforce system security goals when deployed. A trusted program is trusted to only perform safe operations despite having the authority to perform unsafe operations; for example, initialization programs, administrative programs, root network daemons, etc. Currently, these programs are trusted without concrete justification. The emergence of tools for building programs that guarantee policy enforcement, such as security-typed languages (STLs), and mandatory access control systems, such as user-level policy servers, finally offers a basis for justifying trust in such programs: we can determine whether they can be deployed in compliance with the reference monitor concept. Since program and system policies are defined independently, often using different access control models, compliance for all deployments may be difficult to achieve in practice, however. We observe that the integrity of trusted programs must dominate the integrity of system data, and use this insight, which we call the PIDSI approach, to infer the relationship between program and system policies, enabling automated compliance verification. We find that the PIDSI approach is consistent with the SELinux reference policy for its trusted programs. As a result, trusted programs can be designed independently of their target systems, yet still be deployed in a manner that ensures enforcement of system security goals.
